I am currently running a RHEL 6 server with IPA and a user test_user defined, attempting to authenticate using the 'Krb5LoginModule' Login Module I am getting the exception at the bottom of this question.
HOWEVER - if I add the system property -Dsun.security.krb5.debug=true the authentication completes without error - that system property is the only change between the failure scenario and successful scenario.
The same username and password also work flawlessly in kinit from the same machine running the Java client.
This is using Oracle jdk1.6.0_32.
So the question is what else is different when debug logging is enabled that would change the behaviour of the login process? At the moment enabling debug logging to understand the failure didn't work as that in itself caused it to work.
Exception in thread "main" javax.security.auth.login.LoginException: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at com.darranl.as.sasl.gssapi.KerberosLoginUtil.login(KerberosLoginUtil.java:50)
at com.darranl.as.sasl.gssapi.KerberosLoginUtil.main(KerberosLoginUtil.java:131)
Caused by: KrbException: Integrity check on decrypted field failed (31) - PREAUTH_FAILED
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:72)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:446)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:401)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:373)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
... 13 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
... 17 more
Related
We have an application which front end is on running on Tomcat 8.5, IIS 8.5 configured with isapi redirect. Everthing is working fine with java 8.92. But after upgrading Java to 8.211 windows authentication fails to connect with error
SOAP Fault occurred: Fault string, and possibly fault code, not set
Is there any configuration needs to be changed after Java update?
EDIT:
We have recreated Tomcat services after Java update. And if we enabe Anonymous Authentication in IIS everything works fine. But when only Windows Authentication is enabled in IIS we got that authentication failed error. There is only one error in logs
SEVERE [main] org.apache.catalina.core.StandardService.initInternal Failed to initialize connector [Connector[HTTP/1.1-1443]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:995)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardService.initInternal(StandardService.java:552)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:848)
at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
at org.apache.catalina.startup.Catalina.load(Catalina.java:639)
at org.apache.catalina.startup.Catalina.load(Catalina.java:662)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:303)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)
Caused by: java.lang.IllegalArgumentException
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:100)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:72)
at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:244)
at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1118)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(AbstractJsseEndpoint.java:223)
at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:581)
at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:70)
at org.apache.catalina.connector.Connector.initInternal(Connector.java:993)
... 13 more
Caused by: java.io.IOException
at org.apache.tomcat.util.net.SSLUtilBase.getKeyManagers(SSLUtilBase.java:301)
at org.apache.tomcat.util.net.openssl.OpenSSLUtil.getKeyManagers(OpenSSLUtil.java:98)
at org.apache.tomcat.util.net.SSLUtilBase.createSSLContext(SSLUtilBase.java:246)
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:98)
I have java code that uses Java Management Extensions (JMX) monitoring API to get service statistics data from oracle weblogic console.
I have a production server and a testing server.
this java code works fine and gets service statistics data from weblogic console of testing server. when i run this code for production server it shows the below error :
java.lang.reflect.UndeclaredThrowableException
at $Proxy0.getProxyServiceStatistics(Unknown Source)
at reports.All_ServiceStatisticsReport.getProxyServiceDetails(All_ServiceStatisticsReport.java:235)
at reports.All_ServiceStatisticsReport.<init>(All_ServiceStatisticsReport.java:189)
at reports.All_ServiceStatisticsReport.main(All_ServiceStatisticsReport.java:567)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at reports.All_ServiceStatisticsReport$ServiceDomainMBeanInvocationHandler.invoke(All_ServiceStatisticsReport.java:145)
... 4 more
Caused by: com.bea.wli.monitoring.MonitoringException: [OSB-473057]Failed to get statistics for services due to java.lang.IllegalArgumentException: Server 'null' not found
at weblogic.utils.StackTraceDisabled.unknownMethod()
Caused by: java.lang.IllegalArgumentException: Server 'null' not found
... 1 more
Process exited with exit code 0.
the line where the error occurs is :
proxyServiceResourceStatisticMap = serviceDomainMbean.getProxyServiceStatistics(filteredProxyServiceRefs,resourceType.value(),null);
I am passing all the right arguments according to the oracle docs.
https://docs.oracle.com/middleware/1213/osb/java-api/com/bea/wli/monitoring/ServiceDomainMBean.html
then why i am getting this error.
thanks in advance.
I am getting following error while installing and setup of Knox on Hortonworks Hadoop 2.1.5.
I have already installed java jdk-7u65-linux-x64.tar.gz
SGSCAI0081:~ # su -l knox -c '/usr/lib/knox/bin/gateway.sh setup'
***************************************************************************************************
You have indicated that you would like to persist the master secret for this service instance.
Be aware that this is less secure than manually entering the secret on startup.
The persisted file will be encrypted and primarily protected through OS permissions.
***************************************************************************************************
Enter master secret:
Enter master secret again:
Exception in thread "main" java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.apache.hadoop.gateway.launcher.Invoker.invokeMainMethod(Invoker.java:70)
at org.apache.hadoop.gateway.launcher.Invoker.invoke(Invoker.java:39)
at org.apache.hadoop.gateway.launcher.Command.run(Command.java:101)
at org.apache.hadoop.gateway.launcher.Launcher.run(Launcher.java:69)
at org.apache.hadoop.gateway.launcher.Launcher.main(Launcher.java:46)
Caused by: java.lang.NoClassDefFoundError: sun.security.x509.X509CertImpl
at java.lang.J9VMInternals.verifyImpl(Native Method)
at java.lang.J9VMInternals.verify(J9VMInternals.java:72)
at java.lang.J9VMInternals.verify(J9VMInternals.java:70)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:134)
at org.apache.hadoop.gateway.services.DefaultGatewayServices.init(DefaultGatewayServices.java:59)
at org.apache.hadoop.gateway.GatewayServer.main(GatewayServer.java:110)
... 9 more
Caused by: java.lang.ClassNotFoundException: sun.security.x509.X509CertImpl
at java.net.URLClassLoader.findClass(URLClassLoader.java:434)
at java.lang.ClassLoader.loadClass(ClassLoader.java:660)
at java.lang.ClassLoader.loadClass(ClassLoader.java:626)
... 15 more
This is likely due to using Java 8 rather than Java 7. Even though you have installed Java 7 - perhaps you still have JAVA_HOME set to Java 8?
I have the next exception::
Exception in thread "main" java.lang.ExceptionInInitializerError
at javax.crypto.Mac.getInstance(DashoA13*..)
at com.adobe.adept.client.XMLUtil.createHMAC(XMLUtil.java:815)
at com.adobe.adept.client.XMLUtil.hmac(XMLUtil.java:788)
at com.adobe.adept.upload.UploadTest.makeContent(UploadTest.java:1454)
at com.adobe.adept.upload.UploadTest.<init>(UploadTest.java:1769)
at com.adobe.adept.upload.UploadTest.main(UploadTest.java:1806) Caused
by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.SunJCE_b.<clinit>(DashoA13*..)
... 6 more Caused by: java.lang.SecurityException: Cannot locate policy or framework files!
at javax.crypto.SunJCE_b.i(DashoA13*..)
at javax.crypto.SunJCE_b.g(DashoA13*..)
at javax.crypto.SunJCE_b$1.run(DashoA13*..)
at java.security.AccessController.doPrivileged(Native Method)
... 7 more
it is occurring on line:
Mac mac = Mac.getInstance("HmacSHA1");
I tried next solutions:
- NoSuchAlgorithmException: Algorithm HmacSHA1 not available - my local java.security file in actual state
- https://forums.oracle.com/forums/thread.jspa?threadID=316839
may be someone have any other ideas?
fixed. problem was in my code, I have unusable:
System.setProperties(props);
where props - properites of config file
Each time I try to deploy my server side code, the build fails. If I try to restart my machine, the build is successful but fails later when I try to build the subsequent times. I get the following Severe messages when I attempt to build:
SEVERE: "IOP00410216: (COMM_FAILURE) Unable to create IIOP listener on the specified host/port: localhost/3820"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 216 completed: No
WARNING: Can not find resource bundle for this logger. class name that failed: org.glassfish.enterprise.iiop.impl.IIOPSSLSocketFactory
WARNING: Exception getting SocketInfo
java.lang.RuntimeException: Orb initialization eror
WARNING: "IOP02310202: (OBJ_ADAPTER) Error in connecting servant to ORB"
org.omg.CORBA.OBJ_ADAPTER: vmcid: SUN minor code: 202 completed: No
Following are the details for the severe method:
SEVERE: "IOP00410216: (COMM_FAILURE) Unable to create IIOP listener on the specified host/port: localhost/3820"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 216 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.createListenerFailed(ORBUtilSystemException.java:3835)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.createListenerFailed(ORBUtilSystemException.java:3855)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.initialize(SocketOrChannelAcceptorImpl.java:98)
at com.sun.corba.ee.impl.transport.CorbaTransportManagerImpl.getAcceptors(CorbaTransportManagerImpl.java:247)
at com.sun.corba.ee.impl.transport.CorbaTransportManagerImpl.addToIORTemplate(CorbaTransportManagerImpl.java:264)
at com.sun.corba.ee.spi.oa.ObjectAdapterBase.initializeTemplate(ObjectAdapterBase.java:131)
at com.sun.corba.ee.impl.oa.toa.TOAImpl.<init>(TOAImpl.java:130)
at com.sun.corba.ee.impl.oa.toa.TOAFactory.getTOA(TOAFactory.java:114)
at com.sun.corba.ee.impl.orb.ORBImpl.connect(ORBImpl.java:1740)
at com.sun.corba.ee.spi.presentation.rmi.StubAdapter.connect(StubAdapter.java:212)
at com.sun.corba.ee.impl.orb.ORBImpl.getIOR(ORBImpl.java:2194)
at com.sun.corba.ee.impl.orb.ORBImpl.getFVDCodeBaseIOR(ORBImpl.java:966)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.glassfish.gmbal.generic.FacetAccessorImpl.invoke(FacetAccessorImpl.java:126)
at org.glassfish.gmbal.impl.MBeanImpl.invoke(MBeanImpl.java:440)
at org.glassfish.gmbal.impl.AttributeDescriptor.get(AttributeDescriptor.java:144)
at org.glassfish.gmbal.impl.MBeanSkeleton.getAttribute(MBeanSkeleton.java:569)
at org.glassfish.gmbal.impl.MBeanSkeleton.getAttributes(MBeanSkeleton.java:625)
at org.glassfish.gmbal.impl.MBeanImpl.getAttributes(MBeanImpl.java:389)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getAttributes(DefaultMBeanServerInterceptor.java:726)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getAttributes(JmxMBeanServer.java:665)
at org.glassfish.admin.amx.util.jmx.MBeanProxyHandler.getAttributes(MBeanProxyHandler.java:273)
at org.glassfish.admin.amx.core.proxy.AMXProxyHandler.attributesMap(AMXProxyHandler.java:1193)
at org.glassfish.admin.amx.core.proxy.AMXProxyHandler.attributesMap(AMXProxyHandler.java:1203)
at org.glassfish.admin.amx.core.proxy.AMXProxyHandler.handleSpecialMethod(AMXProxyHandler.java:414)
at org.glassfish.admin.amx.core.proxy.AMXProxyHandler._invoke(AMXProxyHandler.java:792)
at org.glassfish.admin.amx.core.proxy.AMXProxyHandler.invoke(AMXProxyHandler.java:526)
at $Proxy107.attributesMap(Unknown Source)
at org.glassfish.admin.amx.core.AMXValidator._validate(AMXValidator.java:642)
at org.glassfish.admin.amx.core.AMXValidator.validate(AMXValidator.java:1298)
at org.glassfish.admin.amx.impl.mbean.ComplianceMonitor$ValidatorThread.doRun(ComplianceMonitor.java:256)
at org.glassfish.admin.amx.impl.mbean.ComplianceMonitor$ValidatorThread.run(ComplianceMonitor.java:227)
Caused by: java.net.BindException: Address already in use
at sun.nio.ch.Net.bind(Native Method)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:52)
at org.glassfish.enterprise.iiop.impl.IIOPSSLSocketFactory.createServerSocket(IIOPSSLSocketFactory.java:293)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.initialize(SocketOrChannelAcceptorImpl.java:91)
... 32 more
It looks like some process is using the port 3820. Since you have said that the first build works okay, I am tempted to say that your build is attempting to start the server, even though it is already started... which would give this kind of error. If you include more info about what you mean when you say 'build', someone may be able to give you a more complete answer.
I was getting this problem because my program crashed unexpectedly, while the server was still running. So, each time this happened I cleaned the tcp ports that remained open when the code crashed.